familien-in-duderstadt.de Open in urlscan Pro
144.76.75.26 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://familien-in-duderstadt.de/umfrlandkreis/css/wel/@/@wes/detail.html
Submission: On September 09 via automatic, source openphish (September 9th 2017, 7:32:47 pm UTC)

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 9 HTTP transactions. The main IP is 144.76.75.26, located in Germany and belongs to HETZNER-AS, DE. The main domain is familien-in-duderstadt.de.

This is the only time familien-in-duderstadt.de was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Wells Fargo (Banking)

Domain & IP information

	IP Address		AS Autonomous System
9	144.76.75.26 144.76.75.26		24940 (HETZNER-AS) (HETZNER-AS)
9	1

9 144.76.75.26 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: web03.site-bank.de

familien-in-duderstadt.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	familien-in-duderstadt.de familien-in-duderstadt.de	38 KB
9	1

	Domain	Requested by
9	familien-in-duderstadt.de	familien-in-duderstadt.de
9	1

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://familien-in-duderstadt.de/umfrlandkreis/css/wel/@/@wes/detail.html
Frame ID: 15408.1
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Page Statistics

9
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

38 kB
Transfer

53 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request detail.html Show response familien-in-duderstadt.de/umfrlandkreis/css/wel/@/@wes/	17 KB 2 KB	5ms 4ms	Document text/html	144.76.75.26 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL http://familien-in-duderstadt.de/umfrlandkreis/css/wel/@/@wes/detail.html Protocol HTTP/1.1 Server 144.76.75.26 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS web03.site-bank.de Software Apache / PleskLin Resource Hash `233f82897ce30e5cc67a139e19cdf5f48d599adaef9a8fea4b38cfb1b951a47d` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Sat, 09 Sep 2017 19:32:37 GMT Content-Encoding gzip Last-Modified Tue, 21 Jul 2015 03:30:40 GMT Server Apache X-Powered-By PleskLin ETag "205c1d8-44e6-51b5a4740f800" Vary Accept-Encoding Content-Type text/html Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 2267
GET H/1.1	200 OK	shape99692734.gif familien-in-duderstadt.de/umfrlandkreis/css/wel/@/@wes/images/	2 KB 2 KB	4ms 4ms	Image image/gif	144.76.75.26 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL http://familien-in-duderstadt.de/umfrlandkreis/css/wel/@/@wes/images/shape99692734.gif Requested by Host: familien-in-duderstadt.de URL: http://familien-in-duderstadt.de/umfrlandkreis/css/wel/@/@wes/detail.html Protocol HTTP/1.1 Server 144.76.75.26 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS web03.site-bank.de Software Apache / PleskLin Resource Hash `c94d005aa269bc723ed58c5eec705b6ce88a25a5f2f5f6f65b229295730bfe1e` Request headers Referer http://familien-in-duderstadt.de/umfrlandkreis/css/wel/@/@wes/detail.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Sat, 09 Sep 2017 19:32:37 GMT Last-Modified Sun, 07 Jun 2015 09:35:28 GMT Server Apache X-Powered-By PleskLin ETag "205c1ed-9ff-517ea3edcd800" Content-Type image/gif Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 2559
GET H/1.1	200 OK	header2.png familien-in-duderstadt.de/umfrlandkreis/css/wel/@/@wes/images/	11 KB 11 KB	4ms 3ms	Image image/png	144.76.75.26 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL http://familien-in-duderstadt.de/umfrlandkreis/css/wel/@/@wes/images/header2.png Requested by Host: familien-in-duderstadt.de URL: http://familien-in-duderstadt.de/umfrlandkreis/css/wel/@/@wes/detail.html Protocol HTTP/1.1 Server 144.76.75.26 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS web03.site-bank.de Software Apache / PleskLin Resource Hash `0c13137f6f88900cd6891fb127a7a735de1516046f3e683498f19a3656a13ad5` Request headers Referer http://familien-in-duderstadt.de/umfrlandkreis/css/wel/@/@wes/detail.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Sat, 09 Sep 2017 19:32:37 GMT Last-Modified Sat, 24 Jan 2015 13:00:20 GMT Server Apache X-Powered-By PleskLin ETag "205c1e6-2aa0-50d657cc9a100" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 10912
GET H/1.1	200 OK	dd.png familien-in-duderstadt.de/umfrlandkreis/css/wel/@/@wes/images/	7 KB 7 KB	4ms 3ms	Image image/png	144.76.75.26 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL http://familien-in-duderstadt.de/umfrlandkreis/css/wel/@/@wes/images/dd.png Requested by Host: familien-in-duderstadt.de URL: http://familien-in-duderstadt.de/umfrlandkreis/css/wel/@/@wes/detail.html Protocol HTTP/1.1 Server 144.76.75.26 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS web03.site-bank.de Software Apache / PleskLin Resource Hash `7aedc28b04e0f5e592e7fa43759bbb9d284131b4be40827610f3b2f1113b1453` Request headers Referer http://familien-in-duderstadt.de/umfrlandkreis/css/wel/@/@wes/detail.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Sat, 09 Sep 2017 19:32:37 GMT Last-Modified Sat, 24 Jan 2015 13:00:44 GMT Server Apache X-Powered-By PleskLin ETag "205c1e0-1ce4-50d657e37d700" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 7396
GET H/1.1	200 OK	footer.png familien-in-duderstadt.de/umfrlandkreis/css/wel/@/@wes/images/	4 KB 4 KB	10ms 9ms	Image image/png	144.76.75.26 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL http://familien-in-duderstadt.de/umfrlandkreis/css/wel/@/@wes/images/footer.png Requested by Host: familien-in-duderstadt.de URL: http://familien-in-duderstadt.de/umfrlandkreis/css/wel/@/@wes/detail.html Protocol HTTP/1.1 Server 144.76.75.26 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS web03.site-bank.de Software Apache / PleskLin Resource Hash `830720daeee544839f87abddec6f46bbfd54e73223cb1be5e86a5c158abd8836` Request headers Referer http://familien-in-duderstadt.de/umfrlandkreis/css/wel/@/@wes/detail.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Sat, 09 Sep 2017 19:32:37 GMT Last-Modified Tue, 09 Aug 2016 17:39:10 GMT Server Apache X-Powered-By PleskLin ETag "205c1e2-ed2-539a702a14b80" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 3794
GET H/1.1	404 Not Found	img101158218.png familien-in-duderstadt.de/umfrlandkreis/css/wel/@/@wes/images/	971 B 0	7ms 6ms	Image text/html	144.76.75.26 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL http://familien-in-duderstadt.de/umfrlandkreis/css/wel/@/@wes/images/img101158218.png Requested by Host: familien-in-duderstadt.de URL: http://familien-in-duderstadt.de/umfrlandkreis/css/wel/@/@wes/detail.html Protocol HTTP/1.1 Server 144.76.75.26 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS web03.site-bank.de Software Apache / PleskLin Resource Hash `3e2ebf0137225d0500085f8b697ca2993209377edfbc3b8e1d83a001e27966d2` Request headers Referer http://familien-in-duderstadt.de/umfrlandkreis/css/wel/@/@wes/detail.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Sat, 09 Sep 2017 19:32:37 GMT Content-Encoding gzip Last-Modified Sun, 19 Jan 2014 21:19:49 GMT Server Apache X-Powered-By PleskLin ETag "1fac416-3cb-4f05955cb8740" Vary Accept-Encoding Content-Type text/html Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 559
GET H/1.1	200 OK	2nd.png familien-in-duderstadt.de/umfrlandkreis/css/wel/@/@wes/images/	10 KB 10 KB	9ms 8ms	Image image/png	144.76.75.26 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL http://familien-in-duderstadt.de/umfrlandkreis/css/wel/@/@wes/images/2nd.png Requested by Host: familien-in-duderstadt.de URL: http://familien-in-duderstadt.de/umfrlandkreis/css/wel/@/@wes/detail.html Protocol HTTP/1.1 Server 144.76.75.26 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS web03.site-bank.de Software Apache / PleskLin Resource Hash `0861d24e1728e489b8159f1119dedd64d2eaaa7b908b82f8bb83ecce3fd6f5f4` Request headers Referer http://familien-in-duderstadt.de/umfrlandkreis/css/wel/@/@wes/detail.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Sat, 09 Sep 2017 19:32:37 GMT Last-Modified Sat, 24 Jan 2015 13:28:54 GMT Server Apache X-Powered-By PleskLin ETag "205c1dc-2823-50d65e2f33180" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 10275
GET H/1.1	200 OK	siggg.png familien-in-duderstadt.de/umfrlandkreis/css/wel/@/@wes/images/	435 B 435 B	3ms 3ms	Image image/png	144.76.75.26 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL http://familien-in-duderstadt.de/umfrlandkreis/css/wel/@/@wes/images/siggg.png Requested by Host: familien-in-duderstadt.de URL: http://familien-in-duderstadt.de/umfrlandkreis/css/wel/@/@wes/detail.html Protocol HTTP/1.1 Server 144.76.75.26 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS web03.site-bank.de Software Apache / PleskLin Resource Hash `9eca34a61c91f2b34a68d08f52a49924aace0c78e634c36593ba42042a2a9b23` Request headers Referer http://familien-in-duderstadt.de/umfrlandkreis/css/wel/@/@wes/detail.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Sat, 09 Sep 2017 19:32:37 GMT Last-Modified Mon, 08 Jun 2015 07:17:04 GMT Server Apache X-Powered-By PleskLin ETag "205c1ef-1b3-517fc6dbf3c00" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 435
GET H/1.1	200 OK	next.png familien-in-duderstadt.de/umfrlandkreis/css/wel/@/@wes/images/	769 B 769 B	5ms 5ms	Image image/png	144.76.75.26 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL http://familien-in-duderstadt.de/umfrlandkreis/css/wel/@/@wes/images/next.png Requested by Host: familien-in-duderstadt.de URL: http://familien-in-duderstadt.de/umfrlandkreis/css/wel/@/@wes/detail.html Protocol HTTP/1.1 Server 144.76.75.26 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS web03.site-bank.de Software Apache / PleskLin Resource Hash `9246c258efc487b318cddb95898a31e3d439deed56889f3c8ff8c43bfbdc66d7` Request headers Referer http://familien-in-duderstadt.de/umfrlandkreis/css/wel/@/@wes/detail.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36 Response headers Date Sat, 09 Sep 2017 19:32:37 GMT Last-Modified Sat, 24 Jan 2015 13:30:36 GMT Server Apache X-Powered-By PleskLin ETag "205c1eb-301-50d65e9079700" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 769

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Wells Fargo (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

familien-in-duderstadt.de
144.76.75.26
0861d24e1728e489b8159f1119dedd64d2eaaa7b908b82f8bb83ecce3fd6f5f4
0c13137f6f88900cd6891fb127a7a735de1516046f3e683498f19a3656a13ad5
233f82897ce30e5cc67a139e19cdf5f48d599adaef9a8fea4b38cfb1b951a47d
3e2ebf0137225d0500085f8b697ca2993209377edfbc3b8e1d83a001e27966d2
7aedc28b04e0f5e592e7fa43759bbb9d284131b4be40827610f3b2f1113b1453
830720daeee544839f87abddec6f46bbfd54e73223cb1be5e86a5c158abd8836
9246c258efc487b318cddb95898a31e3d439deed56889f3c8ff8c43bfbdc66d7
9eca34a61c91f2b34a68d08f52a49924aace0c78e634c36593ba42042a2a9b23
c94d005aa269bc723ed58c5eec705b6ce88a25a5f2f5f6f65b229295730bfe1e

familien-in-duderstadt.de Open in urlscan Pro 144.76.75.26 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

9 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

38 kBTransfer

53 kBSize

0 Cookies

0 Outgoing links

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Indicators

familien-in-duderstadt.de Open in urlscan Pro
144.76.75.26 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

38 kB
Transfer

53 kB
Size

0
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!